Version History

2.0.0.1cbef April 16th, 2012

• Fixed incorrect parsing of a domain name in CONNECT requests from browsers to Squid. Now it is possible to enforce web filtering on HTTPS request passed through Squid proxy. Due to the nature of CONNECT transactions only domain name web filtering modules (ad block, adult URL heuristics and URL categorization) are able to utilize this new functionality.

Download Links:

• ​http://quintolabs.com/qlproxy/binaries/2.0.1/qlproxy-2.0.0-1cbef.i386.rpm
• ​http://quintolabs.com/qlproxy/binaries/2.0.1/centos5/qlproxy-2.0.0-1cbef.i386.rpm
• ​http://quintolabs.com/qlproxy/binaries/2.0.1/qlproxy-2.0.0.1cbef-ubuntu_i386.deb
• ​http://quintolabs.com/qlproxy/binaries/2.0.1/qlproxy-2.0.0.1cbef-debian_i386.deb
• ​http://quintolabs.com/qlproxy/binaries/2.0.1/debian5/qlproxy-2.0.0.1cbef-debian_i386.deb
• ​http://quintolabs.com/qlproxy/binaries/2.0.1/qlproxy-2.0.0.1cbef-suse_i386.tgz
• ​http://quintolabs.com/qlproxy/binaries/2.0.1/qlproxy-2.0.0.1cbef_i386.msi

2.0.0.bb01d February 28th, 2012

• Added support for policies (different settings for different proxy users) greatly improving usability of the program in educational institutions and enterprises.
• Virtual Appliance is built using VMWare Virtual Studio and can be deployed on VMWare Server, Player, Workstation as well as ESX/ESXi.
• Added support for installing the application of Debian 5, OpenSUSE 12, Windows 8 CP.
• Improved quality of installation package on Ubuntu / Debian.
• Improved Ad Block module memory usage and performance.
• Web UI now shows full configuration information (still read only for now).
• Updated Apache integration information for Python, virtualenv and Django.
• Simplified configuration settings.
• Improved exception list (added domain and subdomain exceptions)
• Windows installation uses tasks in system Task Scheduler component.
• Update scripts rewritten in cross platform Python, no need to enable Powershell scripts in Windows now.

1.4.2.32d12 November 21st, 2011

• Added support for installing the application of Fedora 16.
• Report generation subsystem is rewritten to produce the reports faster and in real time (report conversion and upload from access logs are still done once a day)
• Number of available usage reports is increased. All reports are grouped into four categories that allows for simple overview of what was blocked and for which user.

Download Links:

• ​http://quintolabs.com/qlproxy/binaries/1.4.2/qlproxy-1.4.2-32d12.i386.rpm
• ​http://quintolabs.com/qlproxy/binaries/1.4.2/qlproxy-1.4.2.32d12-ubuntu_i386.deb
• ​http://quintolabs.com/qlproxy/binaries/1.4.2/qlproxy-1.4.2.32d12-debian_i386.deb
• ​http://quintolabs.com/qlproxy/binaries/1.4.2/qlproxy-1.4.2.32d12-suse_i386.tgz
• ​http://quintolabs.com/qlproxy/binaries/1.4.2/qlproxy-1.4.2.32d12_i386.msi

1.4.1.f7c1c October 17th, 2011

• New and improved content inspection engine, aimed at detection of explicit language in HTML pages. Enabled by default.
• New RTA (restricted to adults) detection engine that prevents access to web sites with explicitly restricted to adults content.
• Added a weekly cron script to periodically check for a new version of the application on the QuintoLabs web site.

1.4.0.4bd07 October 3rd, 2011

• HotFix release to handle the problem of intermittent crushes in AdBlock module.

1.4.0.72bbf September 6th, 2011

• Added "File Type Filtering Module" that could be used to easily identify executables or other types of files by looking at real file contents (up to 4096 Kb).
• Implemented brute-force content inspection module used to search contents of downloaded web pages for adult or explicit contents. It allows the administrator to filter web pages based on their real contents often faster than URL and Domain block modules did before.
• The application now supports sophisticated "trickled" inspection logic to be able to scan contents of huge files being downloaded through Squid.
• Two phase scanner is implemented. It allows an inspection module to skip scanning large number of files that are known to be safe and that do not need filtering.
• AdBlock module is greatly improved. It now uses a transparent .gif file to imitate the blocked advertisement which in turn leads to better looking web pages without ads (most notably in Microsoft Internet Explorer).
• Improved ICAP RFC compliance when qlproxy detects errors in ICAP transactions, unavailable resources or incorrect internal states.
• Improved file name parsing algorithm for Microsoft IIS servers. The detect ratio for File Name Blocking Module is greatly improved.
• ICAP mode of integration now supports 'redirect' action for a detected objects.
• Objects with gzip transfer encoding are also inspected by all modules now.
• Fixed a typo in the configuration parser module when disabling AdBlock also leads to disable Parental Controls module.
• Tiny Proxy Virtual Appliance are now packed with README file.
• Dropped support for Debian 5 and Fedora 13.
• Added support for dumping inspected objects to temporary files in /var/opt/quintolabs/qlproxy/tmp to ease debugging scenarios.
• Internal ICAP protocol tests are deployed with the application in /opt/quintolabs/qlproxy/bin/tests.

1.3.418.0 June 7th, 2011

• Added alpha support for installing Content Security on Microsoft Windows Platforms. It is now possible to integrate Content Security as URL rewriter for Squid 2.7+ running on the same Windows box or deploy Content Security as standalone ICAP server for Squid 3+ running on separate boxes. The filtering functionality works fully but additional functionality remains to be implemented (automatic updates of definition files and reports generation).
• Reports web page was redesigned, it now displays in read only mode the current configuration of the qlproxy, latest results of log rotation, cron daily jobs and URLs blocked.
• Installation folders have been reorganized, the application is now installed in /opt and /var/opt according to Linux File System Standard.
• Fixed SIGPIPE and daemon termination error under stress conditions.
• Advertisement Blocking Engine is rewritten, it now supports more filters from AdBlock Plus based subscriptions and correctly processes domain exclusions and white lists.
• File Name Blocking is improved as it parses more file names out of HTTP responses and thus quality of file name blocking is greatly increased.
• Install package naming convention changed, it now contains the name of the Linux distribution (e.g. ubuntu, debian, suse).
• QuintoLabs Virtual Appliance updated and is now based on Debian 6. The root is explicitly granted a P@ssw0rd that makes it easier for administrators to adjust the appliance to their needs.
• Some minor changes in logrotate and cron scripts
• The 'URL is blocked' page now contains the actual filter that blocked the URL in advertisement module. It greatly increases the efforts needed to understand the reasons of possible false positives.
• The intercepted HTTP requests and responses could now be dumped into a temporary directory.
• Created initial SELinux policy that confines qlproxyd daemon. It is installed in /opt/quintolabs/qlproxy/usr/share/selinux and must be compiled by the administrator manually.

1.2.276.0 May 8th, 2011

• Possible bug with incorrect URI scheme parsing is fixed. The bug occurred only under specific conditions and did not influence all installations. Only those affected by the bug are advised to upgrade.

1.2.232.0 April 3rd, 2011

• The serious bug of incorrect classification of URL as advertisement was fixed. The reason of the bug is incorrect parsing of one of the "easy list" filters that starts with http:// and should have been applied to one web site only and NOT to all web sites as did AdBlock module of Content Security.

1.2.217.0 March 16th, 2011

• Debian Linux 5 and 6 are now supported.
• OpenSUSE 11.3 and SUSE Enterprise Linux are supported (as binary TGZ package).
• Added support for ICAP RESPMOD (response modification).
• Adjusted naming scheme for *.deb and *.rpm packages. The previous versions of the program are now correctly detected as obsolete.
• Updated installation instructions for RedHat 5+, !CentOS 5+ with !SELinux enabled
• AdBlock module performance and accuracy are greatly improved.
• Fixed possible endless loop in AdBlock module.
• Fixed incorrect handling of * (star) filter in Easy Privacy module.
• Content Blocking module is now active, allows blocking of downloads by Content-Type, Charset, Encoding and File Name.
• Parental Control (Adult Block) Filter is now a separate module.
• Configuration files for modules have been renamed to make it easy to find the configuration file for a given module.
• Heuristics used in Parental Control module is enhanced to allow easy blocking of inappropriate Google Images.
• Introduced a new module (HTTP method filtering) that lets administrator block the inappropriate HTTP methods (like DAV over HTTP).
• Reports HTML are redesigned, allowing for easy incidents filtering.
• Detection of reason for blocking is improved (incident id is displayed in the Blocked Page Template).
• Access log statistics are now kept for the last 30 days only.
• Pthread stack size is now 1Mb instead of 8Mb thus virtual memory requirements of the qlproxyd daemon is decreased.

1.1.110.0 January 24th, 2011

• Added support for ICAP REQMOD (request modification).
• Improved performance due to use of multithreading in the qlproxy daemon.
• Added support for ArchLinux operating system.
• Log file access.log now contains the incident id that lets administrator easily find the reason why a specific URL was blocked.
• Disk I/O is optimized if no log files are configured in the qlproxy.conf.
• Uninstall removes orphan files from /etc.

1.0.950.0 November 28th, 2010

• This is the first release of the application.